package info.sixcorners.thesixcornersapp.server;

import info.sixcorners.thesixcornersapp.client.GreetingService;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;

/**
 * The server side implementation of the RPC service.
 * The original implementation was susceptible to an XSS attack.
 */
@SuppressWarnings("serial")
public class GreetingServiceImpl extends RemoteServiceServlet implements
		GreetingService {
	@Override
	public String greetServer(String input) {
		String serverInfo = getServletContext().getServerInfo();
		String userAgent = getThreadLocalRequest().getHeader("User-Agent");
		return "Hello, " + input.replace("<", "&lt;") + "!<br /><br />I am running " + serverInfo +
				".<br /><br />It looks like you are using:<br />" + userAgent.replace("<", "&lt;") +
				"<br /><br />This website is still being created. Sorry for not having anything here.. Happy hunting! :)";
	}
}
